PT-2021-3971 · Interniche · Nichestack Tcp/Ip
Published 2021-05-28 · Updated 2021-08-26
CVE-2020-25927
CVSS v2.0: 8.5 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:C
Name of the Vulnerable Software and Affected Versions
NicheStack TCP/IP version 4.0.1
Description
The issue is caused by improper handling of input data length parameters in the DNS client of the NicheLite and InterNiche stacks. It can allow a remote attacker to cause a denial of service. The flaw is in DNS response processing, specifically in the dns_upcall() function: the code does not check whether the number of queries or responses specified in the DNS packet header matches the data actually available in the packet. The attack vector is a specific DNS response packet.
Recommendations
For version 4.0.1, consider disabling the DNS feature or restricting access to the dns_upcall() function until a patch is available to prevent exploitation. Additionally, avoid using the DNS response processing component until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Out-of-bounds Read
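The check the description says is missing, written out as an added example (this is not NicheStack code and not part of the advisory): before any record is used, walk the question and answer sections that the header claims and reject the response if they run past the received length. The function names and the sample packet are constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Skip one encoded name; return the offset just past it, or 0 if it leaves the buffer. */
static size_t skip_name(const uint8_t *pkt, size_t len, size_t off) {
    while (off < len) {
        uint8_t l = pkt[off];
        if (l == 0) return off + 1;                                     /* root label */
        if ((l & 0xC0) == 0xC0) return (len - off >= 2) ? off + 2 : 0;  /* pointer */
        if (l & 0xC0) return 0;                                         /* reserved */
        off += 1u + l;
    }
    return 0;
}

/* 0 if every question and answer the header claims fits in len bytes, else -1. */
int dns_counts_fit(const uint8_t *pkt, size_t len) {
    if (len < 12) return -1;                   /* fixed DNS header is 12 bytes */
    uint16_t qd = rd16(pkt + 4), an = rd16(pkt + 6);
    size_t off = 12;
    for (uint16_t i = 0; i < qd; i++) {        /* QNAME, QTYPE(2), QCLASS(2) */
        off = skip_name(pkt, len, off);
        if (off == 0 || len - off < 4) return -1;
        off += 4;
    }
    for (uint16_t i = 0; i < an; i++) {        /* NAME, 10 fixed bytes, RDATA */
        off = skip_name(pkt, len, off);
        if (off == 0 || len - off < 10) return -1;
        size_t rdlen = rd16(pkt + off + 8);    /* RDLENGTH is the last fixed field */
        off += 10;
        if (len - off < rdlen) return -1;
        off += rdlen;
    }
    return 0;
}

/* Constructed sample response: one question (example.com A), one A answer. */
static const uint8_t good[] = { 0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1,
    0xC0,0x0C, 0,1, 0,1, 0,0,0,60, 0,4, 192,0,2,1 };

int check_with_ancount(uint8_t an) {   /* same bytes, header ANCOUNT overwritten */
    uint8_t pkt[sizeof good];
    memcpy(pkt, good, sizeof good);
    pkt[7] = an;
    return dns_counts_fit(pkt, sizeof pkt);
}
int main(void) { return (check_with_ancount(1) == 0 && check_with_ancount(5) == -1) ? 0 : 1; }
```

A response whose header claims five answers while carrying one is rejected before any record is read, as is one truncated inside a record.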
Related Identifiers
Affected Products
Nichestack Tcp/Ip